Internet of Things – Manage the risks while you enjoy the benefits

The Internet of Things (IoT) is creating unprecedented opportunities for both individuals and organizations while, automating processes, increasing reach and efficiencies. Enabling a value-add from networked connections among people, processes, data, and things, these connected devices are impacting the way we live our lives, transforming everything from the way we deliver healthcare to the way we run our homes our manufacturing units and other critical infrastructure.

Many of the devices we use today are connected devices performing critical functions which range from smart home appliances to medical devices to connected cars, etc. By 2020, the number of these devices is expected to exceed 40 billion.

IoT is experiencing exponential growth fueled by decreasing costs in computing, the proliferation of mobile devices, ubiquitous connectivity and the rise of cloud computing. While, it has created a plethora of new opportunities, with more and new device types connecting to the extended network, it is very prone to cyber attacks for the fact that they are an extremely valuable proposition for cyber criminals.

Cyber criminals have many ways to gain access to systems and information. Hence, the systems, thought to be safe are vulnerable to a cyber threat, making it a dire necessity to understand that one doesn’t need a mere networked connection but a secure networked connection.

With the threat of cyber attacks increasing exponentially, it is a daunting challenge for companies to ensure their systems are safeguarded from these potential attacks. Hence, securing IoT has to be the foundation stone to delivering on the promise of the vision. From smart cities to connected cars to connected home appliances to critical infrastructure, we need to protect and manage devices and communications on a global scale.

Risk management strategies

Securing by design

Security should be built into products and processes by design so that it doesn’t hamper the business. And, this would call for an analysis of assets, and an in-depth understanding of potential threat models to help determine the security lifecycle of products and their associated business models.

Risk identification

Identify where the risks are coming from and understand how to manage those risks. Many a time, the risks will not be obvious and therefore, will require critical review.

Understanding the three dimensions of IoT cyber security

It is essential to understand the three dimensions - devices, ecosystems, and use cases, each with diverse levels of complexity and impact on enterprise cyber security.

Formulating defensive strategy

Creating a defensive and protective strategy is central to an effective IoT program. It is important to understand that these security measures will need to evolve as threats change over time. Having a static strategy in place will not yield the desired results in a rapidly evolving security landscape.

Threat detection and response solutions

Managing and controlling IoT risk effectively will need to extend beyond simply controlling the device in hand, office or enterprise. Devices represent just the ‘tip of the iceberg’ for IoT security. It is well-known that optimizing our security today is all about anticipating the unknown and formulate a – ‘protect, detect and respond strategy’.

It is important to recognize the reality that the potential threat surfaces increase significantly because of the dimensions of "things" that are being connected, and because of the diverse types of devices, platforms and players that are being included.

As the digital world becomes more complex, enterprises will constantly need to review their approach with respect to security of their enterprise to ensure they plug the gaps.

Further insights available in KPMG report on Risk or reward: What lurks within your IoT? | Strategies to maximize IoT security in the enterprise